Manage Users in UAA

Create and manage users in UAA with the UAA Command Line Interface (UAAC).

Retrieve UAA Admin Credentials

To retrieve the UAA admin client secret, do the following:

  1. In a web browser, navigate to the fully qualified domain name (FQDN) of Ops Manager and click the Pivotal Container Service tile.
  2. Click Credentials.
  3. To view the UAA admin client password, click Uaa Admin Secret. The client username is admin.

With the admin client secret, you can authenticate to UAA and create a UAA user account.

Grant Cluster Access to a User

To allow a user to access clusters in PKS, do the following using UAAC:

  1. Target your UAA server using uaac target https://UAA-URL:8443. Replace UAA-URL with the domain name you configured in the UAA pane of the PKS tile. For example:

    $ uaac target

  2. Authenticate with UAA using the secret you retrieved in the previous section. Run the following command, replacing UAA-ADMIN-SECRET with your UAA admin secret:

    uaac token client get admin -s UAA-ADMIN-SECRET

  3. Create a user by running uaac user add USERNAME --emails USER-EMAIL -p USER-PASSWORD. For example:

    $ uaac user add alana --emails -p password

  4. Assign a scope to the user to allow them to access Kubernetes clusters. Run uaac member add UAA-SCOPE USERNAME, replacing UAA-SCOPE with one of the following UAA scopes:

    • pks.clusters.admin: Users with this scope have full access to all clusters.
    • pks.clusters.manage: Users with this scope can only access clusters they create.

    For example:

    $ uaac member add pks.clusters.admin alana
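Steps 1 through 4 can be wrapped in one guarded shell function, shown here as an added example that is not part of the PKS documentation. The names `grant_pks_access`, `run_uaac`, `valid_pks_scope`, `DRY_RUN` and `UAA_URL` are hypothetical, and the script assumes that uaac prompts for the client secret and the user password when `-s` and `-p` are omitted.

```bash
#!/usr/bin/env bash
# Added example (not from the PKS docs). Hypothetical helper names.
# Usage with constructed values:
#   DRY_RUN=1 UAA_URL=https://UAA-URL:8443 grant_pks_access alana alana@example.com

# Run a uaac command, or only print it when DRY_RUN=1.
run_uaac() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "uaac $*"
  else
    uaac "$@"
  fi
}

# Accept only the two scopes named in step 4.
valid_pks_scope() {
  case "$1" in
    pks.clusters.admin|pks.clusters.manage) return 0 ;;
    *) return 1 ;;
  esac
}

# grant_pks_access USERNAME USER-EMAIL [UAA-SCOPE]
grant_pks_access() {
  gp_user=$1; gp_email=$2
  gp_scope=${3:-pks.clusters.manage}   # default to the narrower scope
  if [ -z "${UAA_URL:-}" ]; then
    echo "set UAA_URL, e.g. https://UAA-URL:8443" >&2; return 2
  fi
  # Reject empty values and values starting with "-" so they cannot be
  # parsed as uaac options.
  case "$gp_user" in ""|-*) echo "bad USERNAME" >&2; return 2 ;; esac
  case "$gp_email" in ""|-*) echo "bad USER-EMAIL" >&2; return 2 ;; esac
  if ! valid_pks_scope "$gp_scope"; then
    echo "refusing scope outside the PKS list: $gp_scope" >&2; return 3
  fi
  # Assumption: uaac prompts for the client secret and the new user's
  # password when -s and -p are omitted, so neither value ends up in
  # shell history or the process list.
  run_uaac target "$UAA_URL" &&
  run_uaac token client get admin &&
  run_uaac user add "$gp_user" --emails "$gp_email" &&
  run_uaac member add "$gp_scope" "$gp_user"
}
```

Run it with `DRY_RUN=1` first to review the exact uaac commands before they touch the UAA server.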

